CSPACE-1489

this change is required but may not fix the problem. the web security filter passess through authenticated requests (with or without rememberme). service tests passed. curl asked for password and retrieved accounts successfully too. firefox was still giving 403.

_M   services/sdk
M    services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml

diff --git a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
index 45d75fbd09bc09e32146de2bcd75b9cee4eb854d..419edd1c8c9c4304127799fd53acdd40a0f290b8 100644 (file)
--- a/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/services/JaxRsServiceProvider/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -96,7 +96,7 @@
         <!--property name="securityMetadataSource" ref="cspaceMetadataSource"/-->
         <property name="securityMetadataSource">
             <sec:filter-security-metadata-source>
-                <sec:intercept-url pattern="/**" access="ROLE_USERS"/>
+                <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED"/>
             </sec:filter-security-metadata-source>
         </property>
     </bean>
@@ -110,8 +110,7 @@
         </property>
     </bean>
 
-    <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
-
+    <bean id="roleVoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/>
     <!--bean id="cspaceMetadataSource" class="org.collectionspace.services.authorization.spring.CSpaceSecurityMetadataSource">
         <property name="urlProperties">
             <util:properties location="classpath:urls.properties" />